205 matches found
CVE-2019-1003086
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-1003091
A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
PT-2019-11367 · Jenkins · Jenkins Audit To Database Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin affected versions not specified Description: A missing permission check in the DbAuditPublisherDescriptorImpldoTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiat...
PT-2019-11369 · Vmware +1 · Jenkins Vmware Lab Manager Slaves Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins VMware Lab Manager Slaves Plugin affected versions not specified Description: A missing permission check in the LabManager.DescriptorImpldoTestConnection form validation method allows attackers with Overall/Read permission to initiate...
PT-2019-11382 · Jenkins · Jenkins Nomad Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Nomad Plugin affected versions not specified Description: A cross-site request forgery issue exists in the NomadCloud.DescriptorImpldoTestConnection form validation method, allowing attackers to initiate a connection to an...
PT-2019-11694 · Jenkins · Jenkins Kmap Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Kmap Plugin affected versions not specified Description: A cross-site request forgery issue exists in the form validation methods of KmapJenkinsBuilder.DescriptorImpl, allowing attackers to initiate a connection to an attacker-specifi...
PT-2019-11348 · Jenkins · Jenkins Ftp Publisher Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins FTP publisher Plugin affected versions not specified Description: A cross-site request forgery issue exists in the FTPPublisher.DescriptorImpldoLoginCheck method, allowing attackers to initiate a connection to an attacker-specified...
PT-2019-11680 · Jenkins · Jenkins Jenkins-Reviewbot Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins jenkins-reviewbot Plugin affected versions not specified Description: A cross-site request forgery issue exists in the ReviewboardDescriptordoTestConnection form validation method, allowing attackers to initiate a connection to an...
PT-2019-11372 · Jenkins · Jenkins Gearman Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Gearman Plugin affected versions not specified Description: A cross-site request forgery issue exists in the GearmanPluginConfigdoTestConnection form validation method, allowing attackers to initiate a connection to an...
PT-2019-11380 · Jenkins · Jenkins Soasta Cloudtest Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins SOASTA CloudTest Plugin affected versions not specified Description: A cross-site request forgery issue exists in the CloudTestServer.DescriptorImpldoValidate form validation method, allowing attackers to initiate a connection to an...
PT-2019-11370 · Jenkins · Jenkins Openshift Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin affected versions not specified Description: A cross-site request forgery issue exists in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method, allowing attackers to initiate a...
CVE-2019-9760
FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption...
Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords
Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like...
GHSA-M5H6-HR3Q-22H5 npm Token Leak in npm
Affected versions of the npm package include the bearer token of the logged in user in every request made by the CLI, even if the request is not directed towards the user's active registry. An attacker could create an HTTP server to collect tokens, and by various means including but not limited t...
Microsoft Enhanced Mitigation Experience Toolkit (EMET) XML External Entity Injection Vulnerability
Microsoft Enhanced Mitigation Experience Toolkit is a security tool introduced in response to vulnerabilities. It protects users from attacks even when patches are not installed through technologies such as Data Execution Protection DEP, Structured Exception Handling Override Protection SEHOP, an...
CVE-2018-4844
A vulnerability has been identified in SIMATIC WinCC OA UI for Android All versions V3.15.10, SIMATIC WinCC OA UI for iOS All versions V3.15.10. Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache...
Open-Xchange: SSRF in /appsuite/api/autoconfig
FYI: This was conducted on a local install of App Suite and not the sandbox. App Suite version was: 7.8.4 Rev14 Hello, There is a possible SSRF vulnerability in the following App Suite API endpoint that will primarily allow blind port scanning of the App Suite server and any internal servers...
jenkins-plugin-subversion: CSRF vulnerability and insufficient permission checks allow capturing credentials (SECURITY-303)
Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin...
ALPINE-CVE-2017-0902
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...
UBUNTU-CVE-2017-0902
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...